CN107273759B - Method, apparatus, and computer-readable storage medium for protecting blockchain data - Google Patents
Method, apparatus, and computer-readable storage medium for protecting blockchain data Download PDFInfo
- Publication number
- CN107273759B CN107273759B CN201710318981.8A CN201710318981A CN107273759B CN 107273759 B CN107273759 B CN 107273759B CN 201710318981 A CN201710318981 A CN 201710318981A CN 107273759 B CN107273759 B CN 107273759B
- Authority
- CN
- China
- Prior art keywords
- node
- data
- key
- intelligent contract
- blockchain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
Abstract
The present disclosure relates to methods, devices, and computer-readable storage media for protecting blockchain data. The method for protecting blockchain data comprises the following steps: creating an intelligent contract at a first node of a blockchain, the intelligent contract being set with a rights management field, the rights management field including a list of accessible addresses; encrypting the smart contract using the key at the first node and including the encrypted smart contract in the block data at the first node; distributing, at the first node, a key to a second node of the blockchain according to the list of accessible addresses; and sending the block data at the first node to the second node.
Description
Technical Field
Embodiments of the present disclosure relate generally to blockchain technology and, more particularly, relate to a method, apparatus, and computer-readable storage medium for protecting blockchain data.
Background
Blockchains are receiving wide attention as a new type of decentralized recording technology. Since the blockchain itself does not support data protection, data protection is one of the key technologies for blockchain applications (e.g., business).
The existing solutions include: 1) multi-chain + plaintext data, i.e. each block link point requires maintenance of multiple block chains; 2) homomorphic algorithms or zero knowledge proofs. Of the two solutions, the first solution has backup risk and consensus risk caused by the limited number of nodes on a single blockchain; the second solution has the problems of high algorithm complexity and low execution efficiency.
Disclosure of Invention
Embodiments of the present disclosure provide methods, apparatuses, and computer-readable storage media for protecting blockchain data to at least partially address the above and other potential problems of the prior art.
In a first aspect of the disclosure, a method for protecting blockchain data is provided. The method comprises the following steps: creating an intelligent contract at a first node of a blockchain, the intelligent contract being set with a rights management field, the rights management field including a list of accessible addresses; encrypting the smart contract using the key at the first node and including the encrypted smart contract in the block data at the first node; distributing, at the first node, a key to a second node of the blockchain according to the list of accessible addresses; and sending the block data at the first node to the second node,
in a second aspect of the disclosure, an apparatus for protecting blockchain data is provided. The apparatus comprises: a processor; a memory coupled to the processor and storing instructions that, when executed by the processor, cause the device to perform the following acts: creating an intelligent contract at a first node of a blockchain, the intelligent contract being set with a rights management field, the rights management field including a list of accessible addresses; encrypting the smart contract using the key at the first node and including the encrypted smart contract in the block data at the first node; distributing, at the first node, a key to a second node of the blockchain according to the list of accessible addresses; and sending the block data at the first node to the second node.
In a third aspect of the disclosure, a computer-readable storage medium is provided. The computer readable storage medium has computer readable program instructions stored thereon for performing the method according to the above described in the first aspect of the present disclosure.
Drawings
Embodiments of the present disclosure will now be described, by way of example only, with reference to the accompanying schematic drawings in which like reference symbols indicate like or similar elements, and in which:
FIG. 1 shows a schematic diagram of a blockchain technique;
FIG. 2 shows a flow diagram of a method for protecting blockchain data according to an embodiment of the present disclosure;
FIG. 3 illustrates an example implementation of a method for protecting blockchain data in accordance with an embodiment of the present disclosure; and
fig. 4 shows a schematic diagram of an apparatus for protecting blockchain data according to an embodiment of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment". Relevant definitions for other terms will be given in the following description.
Fig. 1 shows a schematic diagram of a blockchain technique, and the methods, apparatuses, and computer-readable storage media in example embodiments of the present disclosure may be implemented in such a scenario (e.g., blockchain network). It should be appreciated that blockchains are a new application model for distributed data storage, point-to-point transmission, consensus mechanisms, encryption algorithms, and other computer technologies. The consensus mechanism is a mathematical algorithm for establishing trust and obtaining rights and interests among different nodes in the blockchain system. Since the blockchain is a novel decentralized recording technology, the blockchain has attracted extensive attention and is increasingly widely applied.
With respect to the concept of intelligent contracts, the cryptologist Nick Szabo gives the definition that "an intelligent contract is a set of numerically defined commitments (promises) that include agreements on which the contract participants can execute the commitments". Essentially, the working principle of these automatic contracts is similar to if-then statements of other computer programs. Smart contracts interact with real-world assets only in this manner. When a pre-programmed condition is triggered, the intelligent contract executes the corresponding contract clause.
Conventionally, since the blockchain itself does not support data protection, data protection is one of the key technologies for the use of blockchains. Taking a typical application scenario of blockchains, supply chain management, as an example, upstream and downstream enterprises of a supply chain form various nodes on the blockchain. This scenario is not suitable for data transactions using the traditional multi-chain format. Moreover, for any enterprise on the chain, since the transaction is limited to only a portion of the enterprise on the chain, unnecessary transaction information sharing will result in the leakage of business secrets.
To address the above and other potential drawbacks and problems, embodiments of the present disclosure provide a method, apparatus, and computer-readable storage medium for protecting blockchain data. Several example embodiments of the present disclosure will be described below with reference to the accompanying drawings.
Fig. 2 shows a flow diagram of a method 200 for protecting blockchain data according to an embodiment of the present disclosure. The method 200 can be applied to the block chain network shown in fig. 1.
At 202, an intelligent contract is created at a first node of a blockchain, the intelligent contract may be set with a rights management field that includes a list of accessible addresses.
In some example implementations, the rights management field may further include access rights of the second node to the smart contract, and the access rights may include read-write access rights that set the read-write rights.
Taking three blockchain nodes as an example, as shown in fig. 3, an example implementation of the method for protecting blockchain data is shown. The blockchain network includes, for example, three blockchain nodes, namely, blockchain node 1 (referred to as a "first node"), blockchain node 2 (referred to as a "second node"), and blockchain node 3 (referred to as a "third node"). Where intelligent contracts are created at block chaining point 1, additional rights management fields may be added at commit time that may contain a list of accessible addresses (e.g., a list of accessible address hash values). In this way, the private data can be managed through the intelligent contract, and corresponding access rights are configured.
Additionally, when creating an intelligent contract at a block chain node 1, the rights management field may contain access rights of the block chain node 2 to the intelligent contract in addition to the accessible address list. The rights management field may also contain access rights for the blockchain node 3 to the intelligent contract. The access right may include, for example, setting a read-write access right for a specific read-write or a specific data interface access. It should be understood that the definition of "access rights" herein is merely exemplary and is not intended to limit the scope of the present disclosure in any way.
For example, as shown in fig. 3, a smart contract X may be created at block chain link point 1 of a block chain and a rights management field may be set whose contents are hash values of the addresses of block chain link points 2 and 3 (i.e., "3C344bQYPs L5 FXAbv67kGksN L R1urufnE" and "3 gfhwazfdtpudbs 396PirD5jzHRDv9ni1n"), and access rights of block chain nodes 2 and 3 to the smart contract X.
By way of example, the contents of the rights management fields of the specific implementation are as follows.
By way of the above example, a rights management field for intelligent contract X may be set. Also, according to the accessible address list in the above rights management field, the block chain nodes 2 and block chain node 3 on the block chain can access the intelligent contract X created at the block chain node 1. Additionally, since the access right of the block chain node 2 and the block chain node 3 to the intelligent contract may also be set in the right management field, the block chain node 2 and the block chain node 3 may respectively have different access rights to the intelligent contract X according to such access right.
In some example implementations, if the smart contract is not set with the rights management field, the smart contract will be processed as a public smart contract (such as the public smart contract shown in FIG. 3), i.e., the creation and transaction information for the smart contract will be in clear text.
At 204, the smart contract is encrypted using the key at the first node and the encrypted smart contract is included in the block data at the first node.
For example, the chunk data is used for inter-chunk chain communication, where the encrypted smart contract at the first node may be included in the chunk data, which may then be sent to other nodes on the chunk chain (e.g., chunk chain node 2 and chunk chain node 3 in fig. 3). For example, all transaction data of the smart contract may be added to the block data in ciphertext form, and then may be sent to other nodes on the blockchain.
In this way, it can be ensured that private data (e.g., the intelligent contract Y at the first node) is stored on the block chain in a ciphertext form, all nodes can be backed up, and there is no backup risk due to the limitation of the number of nodes (e.g., the limitation of the number of nodes in the conventional multi-chain + plaintext data technology). Moreover, because the specific implementation only depends on the common encryption algorithm, the efficiency problem caused by high time delay (for example, the high time delay caused by high algorithm complexity in the traditional homomorphic algorithm technology) does not exist.
In some example implementations, the tile data also includes a tile number, transaction data, a signature, and a random number (Nonce).
For example, the chunk data is part of the data on the chain and is used for data communication between the chunk chain nodes, and the smart contract data may be included in the chunk data. When the data is saved, the original data of the block can be saved separately and separated from the execution state data of the intelligent contract. Since the block data can be shared by the whole network, the consistency of the data on the block chain can be fundamentally ensured.
At 206, a key is distributed at the first node to a second node of the blockchain according to the accessible address list.
In some example implementations, distributing, at the first node, the key to the second node according to the list of accessible addresses includes: the key distribution is performed in point-to-point communication, and the key comprises a symmetric key.
As shown in fig. 3, blockchain node 1 has created intelligent contract Y and specified in the accessible address list that only blockchain node 2 is accessible (e.g., S1 in fig. 3-create intelligent contract Y, set blockchain node 2 accessible). Accordingly, blockchain node 1 may distribute keys only to blockchain node 2 in point-to-point communication (e.g., S2 in fig. 3 — sending smart contract Y keys to blockchain node 2).
At 208, the block data is sent at the first node to the second node.
In some example implementations, the method 200 shown in fig. 2 may further include: the block data is sent at the first node to a third node of the block chain without distributing keys to the third node.
In some example implementations, the key and the chunk data are received at the second node, and the encrypted smart contract is decrypted from the chunk data using the key to create a decrypted smart contract. Additionally, the transaction may be executed at the second node according to the decrypted smart contract.
As shown in fig. 3, after including the encrypted smart contract Y in the tile data at the first node (i.e., tile link point 1), the tile chain node 1 may transmit the tile data in a broadcast manner to all the tile chain nodes including the second node (i.e., tile link point 2) and the third node (i.e., tile link point 3) (e.g., S3 in fig. 3-encrypted smart contract Y, and S4 in fig. 3-transmitted encrypted smart contract Y (which is included in the tile data)).
At this time, since the blockchain node 2 receives the key of the smart contract Y transmitted from the first node, and the blockchain node 3 does not receive such a key, the blockchain node 2 may decrypt with such a key after receiving the blockchain data (e.g., S5 in fig. 3 — decrypt the smart contract Y) so as to create a decrypted smart contract Y at the blockchain node 2 (e.g., S6 in fig. 3 — establish a logical data slice of the smart contract Y), and since the blockchain node 3 does not receive such a key, the decrypted smart contract Y may not be created at the blockchain node 3 (e.g., S5 in fig. 3 — decrypt the smart contract Y fails).
In this way, after the smart contract is created at the first node and the encrypted smart contract is included in the block data at the first node, all other nodes on the blockchain may receive the block data (i.e., it is realized that all nodes can be backed up), but only the node owning the key of the smart contract can decrypt and execute the corresponding transaction, thereby realizing the protection function for the data on the blockchain (for example, when the transaction is limited to only a part of enterprises on the supply chain, the problem of business secret leakage caused by unnecessary transaction information sharing is avoided).
The method 200 may also include additional data consensus processes, according to embodiments of the present disclosure. For example, after 208, a data consensus may be made between the first node and the second node via point-to-point communication.
The data consensus here refers to, for example, using an existing consensus algorithm (e.g., raft/pbft) to confirm data consistency among multiple nodes on a block chain. In this way, the present disclosure can achieve data consensus while ensuring data privacy.
In some example implementations, the data consensus may be performed based on a transaction data summary formed from the block number, the smart contract number of the smart contract, and historical transaction data for the smart contract.
Here, the data consensus (e.g., the consensus of private data (such as smart contract Y)) may have a unique identification, i.e., a block number and a smart contract number (which may be, for example, a smart contract address or a uniquely specified ID). Furthermore, the local consensus can be achieved by using the existing consensus algorithm.
To obtain the block number and the intelligent contract number, the historical transaction data and the current state of each intelligent contract may be logically isolated when stored. For example, the same physical database may be used at the bottom level, or different physical databases may be used. During storage, after any transaction is executed, a record with the block number and the intelligent contract number as key values can be inserted into the logic database of the intelligent contract so as to be used for subsequently finishing data consensus.
Accordingly, in some example implementations, historical transaction data and a current state of the intelligent contract may be stored in logical isolation in a database, the current state of the intelligent contract being queried according to a block number stored in the database and an intelligent contract number of the intelligent contract.
Further, the data consensus may be accomplished through point-to-point communication, and nodes deploying the same intelligent contract (e.g., block link point 1 and block link point 2 deployed with the same intelligent contract Y in fig. 3) may participate in the consensus (e.g., S7 in fig. 3 — consensus of blocks completing a transaction of the intelligent contract Y). Moreover, data consensus may be initiated by a node submitting an intelligent contract (e.g., block chain node 1 creating an intelligent contract in fig. 3), sending data waiting for consensus via point-to-point communication, such as:
the above data waiting for consensus includes a block number (blockhash), a smart contract number (contract), and a transaction data digest (such as the above mentioned merkleroot value) formed from all the smart contract history data. In particular, merkleroot may be generated based on historical transaction data for the intelligent contract, generating a digest (here, a hash value) for each transaction, inserting the underlying node as a number of merkles, and updating the root node value. The data waiting for consensus herein is merely exemplary and is not intended to limit the scope of the present disclosure in any way.
Therefore, since private data (such as an intelligent contract Y) is stored in the block data in a ciphertext form, all nodes on a block chain can be backed up, and data consensus can be achieved on the block data, the backup risk and consensus risk caused by the limitation of the number of the nodes (such as the limitation of the number of the nodes in the traditional multi-chain + plaintext data technology) do not exist.
Fig. 4 illustrates an apparatus 400 for protecting blockchain data according to an embodiment of the present disclosure. The device 400 includes a processor 402 and a memory 404. The memory 404 is coupled to the processor 402 and stores instructions that, when executed by the processor, cause the device to perform the following acts: creating an intelligent contract at a first node of a blockchain, the intelligent contract being set with a rights management field, the rights management field including a list of accessible addresses; encrypting the smart contract using the key at the first node and including the encrypted smart contract in the block data at the first node; distributing, at the first node, a key to a second node of the blockchain according to the list of accessible addresses; and sending the block data at the first node to the second node.
In some example implementations, the apparatus 400 for protecting blockchain data may correspond to any node on a blockchain. As an example, each blockchain node may contain a respective processor 402 and memory 404, where the processor 402 may include a data management module 406 and a key management module 408.
The data management module 406 may be responsible for managing tile data and intelligent contract data, for example. Wherein the block data is a part of the data on the chain and is used for inter-node data communication, and the intelligent contract data is included in the block data. When the data is saved, the original data of the block is saved separately and is separated from the execution state data of the intelligent contract. The block data is shared in the whole network, so that the consistency of the data on the chain is fundamentally ensured. Here, the intelligent contract for managing private data may be stored in an independent logical data segment (for example, the intelligent contract for managing private data, the original contract and the transaction data of which are encrypted and stored in a unique block chain, each intelligent contract corresponds to an independent data segment), and the current state is queried according to a block number and an intelligent contract number (for example, an intelligent contract address or a uniquely specified ID).
The present disclosure may be implemented as a computer-readable storage medium having computer-readable program instructions stored thereon which may be used to perform a method for protecting blockchain data as described in accordance with the example embodiment in fig. 1.
Depending on the particular needs and application scenarios, the present disclosure may be embodied as a system, method, and/or computer program product. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied thereon for carrying out various aspects of the present disclosure.
For example, but not limited to, illustrative types of hardware logic components that may be used include Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), complex programmable logic devices (CP L D), and so forth.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
Computer program instructions for carrying out operations of the present disclosure may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including AN object oriented programming language such as Smalltalk, C + +, or the like, as well as conventional procedural programming languages, such as the "C" language or similar programming languages.
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Further, while operations are depicted in a particular order, this should be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate implementations can also be implemented in combination in a single implementation. Conversely, various features that are described in the context of a single implementation can also be implemented in multiple implementations separately or in any suitable subcombination.
Some example implementations of the present disclosure are listed below.
The present disclosure may be implemented as a method for protecting blockchain data, comprising: creating an intelligent contract at a first node of the blockchain, the intelligent contract being set with a rights management field, the rights management field including a list of accessible addresses; encrypting the smart contracts using a key at the first node and including the encrypted smart contracts in block data at the first node; distributing, at the first node, the key to a second node of the blockchain according to the list of accessible addresses; and sending the block data at the first node to the second node.
In some embodiments, the permission management field further includes an access permission of the second node to the intelligent contract, and the access permission includes a read-write access permission for setting a read-write permission.
In some embodiments, said distributing at said first node said key to said second node according to said list of accessible addresses comprises: key distribution is performed in point-to-point communication, the keys comprising symmetric keys.
In some embodiments, the key and the chunk data are received at the second node, and the encrypted smart contracts are decrypted from the chunk data using the key to create the decrypted smart contracts.
In some embodiments, a transaction is performed at the second node according to the decrypted smart contract.
In some embodiments, the tile data further includes a tile number, transaction data, a signature, and a random number.
In some embodiments, historical transaction data and a current state of the intelligent contract are stored in logical isolation in a database, the current state of the intelligent contract being queried according to the block number and the intelligent contract number of the intelligent contract stored in the database.
In some embodiments, the first node and the second node share data via point-to-point communication.
In some embodiments, the data consensus is performed based on a transaction data summary formed from the block number, the smart contract number of the smart contract, and historical transaction data for the smart contract.
In some embodiments, the method further comprises: sending, at the first node, the block data to a third node of the blockchain without distributing the key to the third node.
The present disclosure may be implemented as an apparatus for protecting blockchain data, comprising: a processor; a memory coupled to the processor and storing instructions that, when executed by the processor, cause the device to perform the following acts: creating an intelligent contract at a first node of the blockchain, the intelligent contract being set with a rights management field, the rights management field including a list of accessible addresses; encrypting the smart contracts using a key at the first node and including the encrypted smart contracts in block data at the first node; distributing, at the first node, the key to a second node of the blockchain according to the list of accessible addresses; and sending the block data at the first node to the second node.
In some embodiments, the permission management field further includes an access permission of the second node to the intelligent contract, and the access permission includes a read-write access permission for setting a read-write permission.
In some embodiments, said distributing at said first node said key to said second node according to said list of accessible addresses comprises: key distribution is performed in point-to-point communication, the keys comprising symmetric keys.
In some embodiments, the key and the chunk data are received at the second node, and the encrypted smart contracts are decrypted from the chunk data using the key to create the decrypted smart contracts.
In some embodiments, a transaction is performed at the second node according to the decrypted smart contract.
In some embodiments, the tile data further includes a tile number, transaction data, a signature, and a random number.
In some embodiments, historical transaction data and a current state of the intelligent contract are stored in logical isolation in a database, the current state of the intelligent contract being queried according to the block number and the intelligent contract number of the intelligent contract stored in the database.
In some embodiments, the first node and the second node share data via point-to-point communication.
In some embodiments, the data consensus is performed based on a transaction data summary formed from the block number, the smart contract number of the smart contract, and historical transaction data for the smart contract.
In some embodiments, the instructions, when executed by the processor, cause the apparatus to further perform the following: sending, at the first node, the block data to a third node of the blockchain without distributing the key to the third node.
The present disclosure may be implemented as a computer readable storage medium having computer readable program instructions stored thereon for performing a method for protecting blockchain data according to the above description.
Many modifications and other embodiments of the disclosure set forth herein will come to mind to one skilled in the art to which this disclosure pertains having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the embodiments of the disclosure are not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the disclosure. Moreover, while the above description and the related figures describe example embodiments in the context of certain example combinations of components and/or functions, it should be appreciated that different combinations of components and/or functions may be provided by alternative embodiments without departing from the scope of the present disclosure. In this regard, for example, other combinations of components and/or functions than those explicitly described above are also contemplated as within the scope of the present disclosure. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Claims (21)
1. A method for protecting blockchain data, comprising:
creating an intelligent contract at a first node of the blockchain, the intelligent contract being set with a rights management field, the rights management field including a list of accessible addresses;
encrypting the smart contracts using a key at the first node and including the encrypted smart contracts in block data at the first node;
distributing, at the first node, the key to a second node of the blockchain according to the list of accessible addresses; and
and sending the block data to the second node at the first node, wherein local data consensus is carried out between the first node and the second node at least according to the block number and the intelligent contract number of the intelligent contract.
2. The method of claim 1, wherein the rights management field further includes access rights to the smart contract by the second node, the access rights including read-write access rights that set read-write rights.
3. The method of claim 1 or 2, wherein said distributing at the first node the key to the second node according to the list of accessible addresses comprises:
key distribution is performed in point-to-point communication, the keys comprising symmetric keys.
4. A method according to claim 1 or 2, wherein the key and the chunk data are received at the second node and the encrypted smart contracts are decrypted from the chunk data using the key to create the decrypted smart contracts.
5. The method of claim 4, wherein a transaction is performed at the second node according to the decrypted smart contract.
6. The method of claim 1 or 2, wherein the tile data further comprises a tile number, transaction data, a signature, and a random number.
7. The method of claim 6, wherein historical transaction data and a current state of the intelligent contract are stored in logical isolation in a database, the current state of the intelligent contract being queried according to the block number stored in the database and an intelligent contract number of the intelligent contract.
8. The method of claim 6, wherein the first node and the second node share data via point-to-point communication.
9. The method of claim 8, wherein the data consensus is performed based on a transaction data summary formed from the block number, a smart contract number for the smart contract, and historical transaction data for the smart contract.
10. The method of claim 1 or 2, further comprising:
sending, at the first node, the block data to a third node of the blockchain without distributing the key to the third node.
11. An apparatus for protecting blockchain data, comprising:
a processor;
a memory coupled to the processor and storing instructions that, when executed by the processor, cause the device to perform the following acts:
creating an intelligent contract at a first node of the blockchain, the intelligent contract being set with a rights management field, the rights management field including a list of accessible addresses;
encrypting the smart contracts using a key at the first node and including the encrypted smart contracts in block data at the first node;
distributing, at the first node, the key to a second node of the blockchain according to the list of accessible addresses; and
and sending the block data to the second node at the first node, wherein local data consensus is carried out between the first node and the second node at least according to the block number and the intelligent contract number of the intelligent contract.
12. The device of claim 11, wherein the rights management field further includes access rights to the smart contract by the second node, the access rights including read-write access rights that set read-write rights.
13. The apparatus of claim 11 or 12, wherein said distributing at the first node the key to the second node according to the list of accessible addresses comprises:
key distribution is performed in point-to-point communication, the keys comprising symmetric keys.
14. The apparatus of claim 11 or 12, wherein the key and the chunk data are received at the second node, and the encrypted smart contract is decrypted from the chunk data using the key to create the decrypted smart contract.
15. The apparatus of claim 14, wherein a transaction is performed at the second node according to the decrypted smart contract.
16. The apparatus of claim 11 or 12, wherein the tile data further comprises a tile number, transaction data, a signature, and a random number.
17. The apparatus of claim 16, wherein historical transaction data and a current state of the intelligent contract are stored in logical isolation in a database, the current state of the intelligent contract being queried according to the block number stored in the database and an intelligent contract number of the intelligent contract.
18. The apparatus of claim 16, wherein the first node and the second node share data via point-to-point communication.
19. The apparatus of claim 18, wherein the data consensus is performed according to a transaction data summary formed from the block number, a smart contract number for the smart contract, and historical transaction data for the smart contract.
20. The apparatus of claim 11 or 12, the instructions, when executed by the processor, cause the apparatus to further perform the actions of:
sending, at the first node, the block data to a third node of the blockchain without distributing the key to the third node.
21. A computer-readable storage medium having computer-readable program instructions stored thereon for performing the method of any of claims 1-10.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710318981.8A CN107273759B (en) | 2017-05-08 | 2017-05-08 | Method, apparatus, and computer-readable storage medium for protecting blockchain data |
| PCT/CN2018/078518 WO2018205731A1 (en) | 2017-05-08 | 2018-03-09 | Method and device for protecting block chain data and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710318981.8A CN107273759B (en) | 2017-05-08 | 2017-05-08 | Method, apparatus, and computer-readable storage medium for protecting blockchain data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107273759A CN107273759A (en) | 2017-10-20 |
| CN107273759B true CN107273759B (en) | 2020-07-14 |
Family
ID=60074098
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710318981.8A Expired - Fee Related CN107273759B (en) | 2017-05-08 | 2017-05-08 | Method, apparatus, and computer-readable storage medium for protecting blockchain data |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN107273759B (en) |
| WO (1) | WO2018205731A1 (en) |
Families Citing this family (56)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107273759B (en) * | 2017-05-08 | 2020-07-14 | 上海点融信息科技有限责任公司 | Method, apparatus, and computer-readable storage medium for protecting blockchain data |
| CN108234442B (en) * | 2017-10-26 | 2020-11-27 | 招商银行股份有限公司 | Method, system and readable storage medium for acquiring contract |
| CN108009824A (en) * | 2017-11-28 | 2018-05-08 | 北京博晨技术有限公司 | Data common recognition method, apparatus and electronic equipment |
| CN108418689B (en) * | 2017-11-30 | 2020-07-10 | 矩阵元技术(深圳)有限公司 | Zero-knowledge proof method and medium suitable for block chain privacy protection |
| CN108170740B (en) * | 2017-12-18 | 2022-04-26 | 深圳前海微众银行股份有限公司 | Data migration method, system and computer readable storage medium |
| CN108282459B (en) | 2017-12-18 | 2020-12-15 | 中国银联股份有限公司 | Data transmission method and system based on intelligent contract |
| CN108235772B (en) * | 2017-12-29 | 2021-04-09 | 达闼机器人有限公司 | Data processing method and device based on block chain, storage medium and electronic equipment |
| US11544708B2 (en) * | 2017-12-29 | 2023-01-03 | Ebay Inc. | User controlled storage and sharing of personal user information on a blockchain |
| CN111587434A (en) * | 2018-01-02 | 2020-08-25 | 惠普发展公司,有限责任合伙企业 | Adjustment of modifications |
| CN108346110B (en) * | 2018-01-26 | 2021-04-02 | 广东工业大学 | Information interaction system based on manufacturing block chain |
| CN108335207B (en) | 2018-02-14 | 2020-08-04 | 阿里巴巴集团控股有限公司 | Asset management method and device and electronic equipment |
| CN108492180B (en) * | 2018-02-14 | 2020-11-24 | 创新先进技术有限公司 | Asset management method and device and electronic equipment |
| CN108389118B (en) | 2018-02-14 | 2020-05-29 | 阿里巴巴集团控股有限公司 | Asset management system, method and device and electronic equipment |
| CN108335206B (en) | 2018-02-14 | 2020-12-22 | 创新先进技术有限公司 | Asset management method and device and electronic equipment |
| CN108416675A (en) | 2018-02-14 | 2018-08-17 | 阿里巴巴集团控股有限公司 | Assets management method and device, electronic equipment |
| CN108416226B (en) * | 2018-02-26 | 2020-07-14 | 深圳智乾区块链科技有限公司 | Authority management method and device of block chain and computer readable storage medium |
| CN108616574B (en) * | 2018-03-30 | 2020-06-16 | 华为技术有限公司 | Management data storage method, device and storage medium |
| CN110390516B (en) * | 2018-04-20 | 2023-06-06 | 伊姆西Ip控股有限责任公司 | Method, apparatus and computer storage medium for data processing |
| CN108596618B (en) * | 2018-04-26 | 2022-03-04 | 众安信息技术服务有限公司 | Data processing method and device for block chain system and computer readable storage medium |
| CN108848058A (en) * | 2018-05-07 | 2018-11-20 | 众安信息技术服务有限公司 | Intelligent contract processing method and block catenary system |
| CN108737105B (en) * | 2018-05-07 | 2021-09-28 | 中钞信用卡产业发展有限公司杭州区块链技术研究院 | Method and device for retrieving private key, private key equipment and medium |
| CN108829725B (en) * | 2018-05-09 | 2021-06-25 | 深圳壹账通智能科技有限公司 | Block chain user communication method, block chain user communication device, terminal equipment and storage medium |
| KR102384351B1 (en) * | 2018-05-09 | 2022-04-06 | 삼성에스디에스 주식회사 | Method for generating a block in a blockchain-based system |
| CN108805565B (en) * | 2018-05-17 | 2022-01-18 | 深圳前海微众银行股份有限公司 | Block chain based commitment presence proving method, device and readable storage medium |
| CN108768988B (en) * | 2018-05-17 | 2021-01-05 | 深圳前海微众银行股份有限公司 | Block chain access control method, block chain access control equipment and computer readable storage medium |
| CN108664223B (en) | 2018-05-18 | 2021-07-02 | 百度在线网络技术(北京)有限公司 | Distributed storage method and device, computer equipment and storage medium |
| CN110472428B (en) * | 2018-07-06 | 2021-09-10 | 腾讯科技(深圳)有限公司 | Medical data sharing method and system based on block chain |
| JP7056430B2 (en) * | 2018-07-18 | 2022-04-19 | 株式会社デンソー | History management method, history management device and history management system |
| CN109214197B (en) * | 2018-08-14 | 2021-07-27 | 上海点融信息科技有限责任公司 | Method, apparatus and storage medium for processing private data based on block chain |
| CN109359957B (en) * | 2018-09-17 | 2022-11-22 | 中国银联股份有限公司 | Safe multiparty computing method and related device |
| CN109040133A (en) * | 2018-09-27 | 2018-12-18 | 上海点融信息科技有限责任公司 | The method, apparatus and storage medium of intelligent contract are installed in block chain network |
| CN109255210A (en) * | 2018-09-27 | 2019-01-22 | 上海点融信息科技有限责任公司 | The method, apparatus and storage medium of intelligent contract are provided in block chain network |
| US11301452B2 (en) | 2018-10-09 | 2022-04-12 | Ebay, Inc. | Storing and verification of derivative work data on blockchain with original work data |
| CN113283905A (en) * | 2018-10-26 | 2021-08-20 | 创新先进技术有限公司 | Data storage and acquisition method and device based on block chain |
| CN109727132B (en) * | 2018-12-28 | 2021-03-23 | 合肥达朴汇联科技有限公司 | Method and device for acquiring block chain consensus node, electronic equipment and storage medium |
| CN109493061B (en) * | 2018-12-28 | 2021-03-23 | 合肥达朴汇联科技有限公司 | Verification method and device for data of block chain, electronic equipment and storage medium |
| CN111382458A (en) * | 2018-12-28 | 2020-07-07 | 富泰华工业(深圳)有限公司 | Data batch sealing method and device and computer storage medium |
| CN109727033B (en) * | 2018-12-29 | 2020-12-11 | 杭州趣链科技有限公司 | Block chain-based data security access control method |
| CN109831298B (en) * | 2019-01-31 | 2020-05-15 | 阿里巴巴集团控股有限公司 | Method for safely updating key in block chain, node and storage medium |
| CN111767555A (en) * | 2019-01-31 | 2020-10-13 | 阿里巴巴集团控股有限公司 | Method for realizing privacy protection in block chain, node and storage medium |
| CN111901402A (en) * | 2019-02-19 | 2020-11-06 | 创新先进技术有限公司 | Method, node and storage medium for implementing privacy protection in block chain |
| CN110060158B (en) * | 2019-03-07 | 2020-06-09 | 阿里巴巴集团控股有限公司 | Variable length coding-based intelligent contract execution method and device |
| CN109886694B (en) * | 2019-03-26 | 2021-04-27 | 创新先进技术有限公司 | Data processing method and device based on block chain and electronic equipment |
| CN110264195B (en) * | 2019-05-20 | 2021-03-16 | 创新先进技术有限公司 | Receipt storage method and node combining code marking with transaction and user type |
| CN110213268A (en) * | 2019-05-31 | 2019-09-06 | 联想(北京)有限公司 | A kind of data processing method, data processing equipment and computer system |
| CN110266467B (en) * | 2019-05-31 | 2021-04-27 | 创新先进技术有限公司 | Method and device for realizing dynamic encryption based on block height |
| CN110971390A (en) * | 2019-11-29 | 2020-04-07 | 杭州云象网络技术有限公司 | Fully homomorphic encryption method for intelligent contract privacy protection |
| CN111127205B (en) * | 2019-12-23 | 2020-11-20 | 卓尔智联(武汉)研究院有限公司 | Intelligent contract generation method and device, computer equipment and storage medium |
| CN113127921A (en) * | 2019-12-31 | 2021-07-16 | 伊姆西Ip控股有限责任公司 | Method, electronic device and computer program product for data management |
| CN111262692B (en) * | 2020-01-08 | 2023-02-28 | 网络通信与安全紫金山实验室 | Key distribution system and method based on block chain |
| CN113496398A (en) * | 2020-03-19 | 2021-10-12 | 中移(上海)信息通信科技有限公司 | Data processing method, device, equipment and medium based on intelligent contract |
| CN111478890B (en) * | 2020-03-30 | 2021-12-03 | 中国科学院计算技术研究所 | Network service access control method and system based on intelligent contract |
| CN112468577B (en) * | 2020-11-25 | 2021-11-02 | 上海欧冶金融信息服务股份有限公司 | Data controllable sharing method and system based on data mapping relation |
| CN112822224B (en) * | 2021-04-19 | 2021-06-22 | 国网浙江省电力有限公司 | Safe transmission method for financial data query |
| CN113360883B (en) * | 2021-06-10 | 2023-07-11 | 网易(杭州)网络有限公司 | Intelligent contract processing method and device, computer equipment and storage medium |
| CN114666064A (en) * | 2022-03-25 | 2022-06-24 | 广东启链科技有限公司 | Block chain-based digital asset management method, device, storage medium and equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105812126A (en) * | 2016-05-19 | 2016-07-27 | 齐鲁工业大学 | Lightweight back-up and efficient restoration method of health block chain data encryption keys |
| CN106022917A (en) * | 2016-05-08 | 2016-10-12 | 杭州复杂美科技有限公司 | Block chain matching exchange scheme |
| CN106534097A (en) * | 2016-10-27 | 2017-03-22 | 上海亿账通区块链科技有限公司 | Block chain trading based authority control method and system |
| CN106548330A (en) * | 2016-10-27 | 2017-03-29 | 上海亿账通区块链科技有限公司 | Transaction verification method and system based on block chain |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106341421B (en) * | 2016-10-31 | 2019-04-02 | 杭州云象网络技术有限公司 | A kind of method for interchanging data based on block chain technology |
| CN106506505A (en) * | 2016-11-15 | 2017-03-15 | 深圳银链科技有限公司 | A kind of list based on block chain is close to be chatted and group close merely method and its system |
| CN107273759B (en) * | 2017-05-08 | 2020-07-14 | 上海点融信息科技有限责任公司 | Method, apparatus, and computer-readable storage medium for protecting blockchain data |
-
2017
- 2017-05-08 CN CN201710318981.8A patent/CN107273759B/en not_active Expired - Fee Related
-
2018
- 2018-03-09 WO PCT/CN2018/078518 patent/WO2018205731A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106022917A (en) * | 2016-05-08 | 2016-10-12 | 杭州复杂美科技有限公司 | Block chain matching exchange scheme |
| CN105812126A (en) * | 2016-05-19 | 2016-07-27 | 齐鲁工业大学 | Lightweight back-up and efficient restoration method of health block chain data encryption keys |
| CN106534097A (en) * | 2016-10-27 | 2017-03-22 | 上海亿账通区块链科技有限公司 | Block chain trading based authority control method and system |
| CN106548330A (en) * | 2016-10-27 | 2017-03-29 | 上海亿账通区块链科技有限公司 | Transaction verification method and system based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107273759A (en) | 2017-10-20 |
| WO2018205731A1 (en) | 2018-11-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107273759B (en) | Method, apparatus, and computer-readable storage medium for protecting blockchain data | |
| CN110520882B (en) | Parallel execution of transactions in a blockchain network | |
| CN107360248B (en) | Method and apparatus for configuring local consensus and computer-readable storage medium | |
| US9641338B2 (en) | Method and apparatus for providing a universal deterministically reproducible cryptographic key-pair representation for all SKUs, shipping cartons, and items | |
| EP3560143B1 (en) | Data isolation in a blockchain network | |
| CN107169371B (en) | A kind of database operation method and system based on block chain | |
| WO2019120326A2 (en) | Managing sensitive data elements in a blockchain network | |
| Parmar et al. | Large-scale encryption in the Hadoop environment: Challenges and solutions | |
| US11296879B2 (en) | Encrypted search | |
| US11616636B2 (en) | Hash updating methods and apparatuses of blockchain integrated station | |
| US11387999B2 (en) | Access to secured information | |
| US9660801B2 (en) | Methods and devices for key management in an as-a-service context | |
| US10887085B2 (en) | System and method for controlling usage of cryptographic keys | |
| CN113329030A (en) | Block chain all-in-one machine, password acceleration card thereof, and key management method and device | |
| CN112953974B (en) | Data collision method, device, equipment and computer readable storage medium | |
| CN112235193A (en) | Data transmission method, device, equipment and medium based on cross-network multi-level routing | |
| CN111008400A (en) | Data processing method, device and system | |
| CN110708390A (en) | Data processing method, device, apparatus and medium based on inter-node data sharing | |
| CN111046408A (en) | Judgment result processing method, query method, device, electronic equipment and system | |
| CN113609156B (en) | Data query and write method and device, electronic equipment and readable storage medium | |
| CN114357472B (en) | Data tagging method, system, electronic device and readable storage medium | |
| CN111881474B (en) | Private key management method and device based on trusted computing environment | |
| US20230269092A1 (en) | Distributed network having a plurality of subnets | |
| EP4173223A1 (en) | Verification key generation in distributed networks | |
| KR20210067208A (en) | Network system and method for performing message security thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1239856 Country of ref document: HK |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20200714 |